If you can't be bothered to read up on the basics of public key encryption but you still want to use PGP or GPG to send and receive digitally signed or encrypted mail, then this article should cover the bare minimum you need to get started.

First, once you have chosen an encryption client and a mailer (I recommend GPG with Thunderbird plus Enigmail), self-signed your key, and generated a public/private keypair, you must make your public key public. If anyone is to verify your signed emails, they must have your public key. If anyone is to send you encrypted emails, they must have your public key. Post your public key on the web or email it to your friends.

Third, get your friends to sign your key. Key signatures serve as proofs of identity. By signing your key, I am telling the whole world that I believe that you are who you say you are, so they don't have to take just your word for it. This is even more important when you start exchanging signed and encrypted email with people whom you haven't met.

Fourth, sign the keys of your friends.

Fifth, if you are using Enigmail and want to be standards-compliant, change your default settings to always use PGP/MIME.

Yeah, I gave up on FireGPG. Being able to search my mail is more useful than encrypting it in general. I could just keep unencrypted drafts of emails I receive and hope no one hacks Google or hacks my Google password + second factor.

So, WhatsApp or Signal?

Since I mentioned 2-factor authentication, anyone hear any updates on whether NIST is really going to remove SMS as a 2nd factor? Even Social Security moved towards requiring SMS 2-factor auth earlier this year (and then stepped back on the requirement, but not for security concerns, but access concerns). https://www.schneier.com/blog/archives/ ... _long.html

Google is likely to never set up WKD since it's in their interest to keep mail in plain text so they can target advertisements to you based on the content of the mail. It would be nice if they did though. Really though, if two parties both use Gmail, then the only ones who can really spy on the mail are Google and anyone they cooperate with, which is essentially no one.